Trying to block empty or null user-agent traffic into the site

Tesla · November 17, 2022, 8:56pm

Hello HAProxy friends,

I am trying to block empty or null user-agent traffic into our site.

I’m using HAProxy 2.4.17

I have the following two ACLs and two http-request denies, but neither are working when i spoof user-agents to be empty

    # Identify if user-agent is found
    acl found-user-agent req.fhdr(user-agent) -m found

    # Identify if user-agent has characters
    acl char-user-agent  req.hdr_cnt(user-agent) eq 0

    # Identify if source IP is internal
    acl internal-ip       src                172.16.0.0/16
.....
    # Send HTTP 502 if request does not have a User-Agent and not internal-ip
    http-request deny deny_status 502 if !found-user-agent !internal-ip

    # Send HTTP 502 if request has zero character user-agent and not internal-ip
    http-request deny deny_status 502 if char-user-agent !internal-ip

Any thoughts on what is going on and where my logic isnt right?
Thanks

AaronWest · November 24, 2022, 7:32pm

What about using a regex like (untested):

acl user-agent-empty req.hdr(user-agent) -m reg ^$

Topic		Replies	Views
Identifying and Redirecting Traffic Based on User-Agent Header in HAProxy Help!	3	392	October 9, 2023
Haproxy acl to block ips and host header Help!	2	2220	December 17, 2020
Restricting URLs to an IP range Help!	2	405	October 25, 2023
Howto block badbots, crawlers & scrapers using list file Help!	4	8350	February 7, 2017
ACL rule not working for TCP mode Help!	1	1661	August 22, 2016

Trying to block empty or null user-agent traffic into the site

Related Topics